-
1. Re: Getting user roles after login
Look into the source of JbossSecurityMgrRealm
( can be found in CVS repository, where exactly ->use google )
You will see how it gets user roles to authorize access
It could well store role set somwhere on the session,
if not -> subclass it and store them on the session
or write own interceptor class whoch does it for you. -
2. Re: Getting user roles after login
simply use:
javax.servlet.http.HttpServletRequest.isUserInRole( "theRoleName" ) -
3. Re: Getting user roles after login
Thanks.
I am creating a menu of actions based on the user's roles. I would like to get the list of roles for the users and then use that to get the available actions.
I would prefer to not get every action then check to see if the user is allowed to perform it based on their roles.
Thanks, -
4. Re: Getting user roles after login
Hi,
The example I sent you before contains code to obtain the user's roles from the current Subject. Something along the lines of:
InitialContext ic = new InitialContext();
Subject subject = (Subject)ic.lookup("java:comp/env/security/subject");
// To list the Principals contained in the Subject...
Iterator principals;
// To get the roles (the instance of java.security.acl.Group in the list of Principals)
principals = subject.getPrincipals(java.security.acl.Group.class).iterator();
if (principals.hasNext()) {
Group roles = (Group)principals.next();
Enumeration roleEnum = roles.members();
while (roleEnum.hasMoreElements()) {
_log.info("Role: " + roleEnum.nextElement());
}
}
The roles are stored as a principal (Group) named "Roles" in the set of principals in the active Subject. Strictly speaking you should check this is the case rather than just going ahead and and using the first instance of Group you come across...
I take it you got your form-based authentication working OK then??
Luke.